NewApp Digest
search bot

environments

Windows Server 2025 Adds DNS Over HTTPS for Secure DNS Traffic
Winsage
June 13, 2026

Windows Server 2025 Adds DNS Over HTTPS for Secure DNS Traffic

Microsoft has rolled out support for DNS over HTTPS (DoH) in Windows DNS Server as part of the Windows Server 2025 update. This feature enhances the security of DNS communications through encryption and server authentication, allowing encrypted client-to-resolver traffic in on-premises DNS environments. DoH encrypts DNS queries and responses using HTTPS, protecting sensitive information from interception or alteration. It also uses digital certificates for DNS server authentication to reduce spoofing and impersonation risks. The feature is compatible with existing Windows DNS Server configurations and supports both encrypted and traditional DNS. DoH support is available on Windows Server 2025 with the June 9, 2026 update or newer. Administrators must configure a trusted TLS certificate and enable DoH in the DNS Server service to deploy this feature. Microsoft plans to extend encryption capabilities to include communication between the Windows DNS Server and upstream DNS resolvers in the future.
Windows 11 KB5094126: Microsoft's desktop.ini hardening causes some folder icons to disappear
Winsage
June 13, 2026

Windows 11 KB5094126: Microsoft’s desktop.ini hardening causes some folder icons to disappear

Following the June 2026 update, custom folder icons and localized folder names in Windows are no longer displaying as they typically would due to intentional modifications related to security updates, specifically KB5094126 for Windows 11 versions 24H2 and 25H2. This update tightens the handling of the desktop.ini file, which is used for folder customization. Although access to the actual files remains unchanged, affected folders may revert to default icons or display original directory names instead of customized labels. Microsoft has identified certain sources as untrusted, including files downloaded from the internet and specific remote sources, which affects how desktop.ini files are processed. Users are encouraged to verify file origins, and administrators should ensure that internal sources are classified as trusted to avoid disruptions in folder presentation. The update also includes other security fixes and enhancements.
Dole expands Minecraft campaign with pineapple focus
AppWizard
June 13, 2026

Dole expands Minecraft campaign with pineapple focus

Dole is launching a 15-week campaign starting June 21 across North America and Europe, focusing on pineapples and targeting younger audiences. This campaign includes in-game rewards for Minecraft players, such as a branded ‘pineapple hoodie.’ The previous campaign resulted in a 20-fold increase in website visits from QR code scans, generating 2 million landing page views and significant social media impressions. Over 60% of participants expressed increased intent to purchase Dole’s fruit after engaging with the campaign. This year's campaign will feature new recipes, digital puzzles, and offline engagement activities, along with QR-enabled stickers in retail environments to connect purchases to digital rewards.
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)
Tech Optimizer
June 13, 2026

Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)

On June 10th, Splunk released an advisory for CVE-2026-20253, a high-severity vulnerability with a CVSS score of 9.8 that requires no authentication. The vulnerability is associated with the PostgreSQL Sidecar Service Endpoint and affects Splunk Enterprise versions 10 and above. In default installations, the service is not installed on Windows but is installed and enabled by default on AWS. The vulnerability allows unauthorized users to create and truncate arbitrary files through an API that lacks authentication controls. Additionally, it enables the execution of SQL commands via a backup and restore mechanism, potentially leading to remote code execution (RCE). A Detection Artefact Generator has been developed to help organizations assess their vulnerability to this issue.
Hackers Use Fake Windows Update Installers to Deliver OnyxC2 Credential Stealer
Winsage
June 12, 2026

Hackers Use Fake Windows Update Installers to Deliver OnyxC2 Credential Stealer

OnyxC2 is a sophisticated credential stealer available for a subscription fee of 0 per month, distributed through disguised lures such as fake Windows updates and legitimate software installers. It functions as a commercial product with features like an automated payload builder, tiered licensing, and a centralized web dashboard. The malware boasts a 99% detection-evasion rate, successfully evading major antivirus solutions during tests. It is developed in C++, utilizing direct system calls and mutating with each build to avoid detection. OnyxC2 collects data from around 210 applications, targeting 45 web browsers, password managers, cryptocurrency wallets, and FTP clients. The malware is delivered using DLL sideloading, where a password-protected archive contains a legitimate application and a malicious DLL. The attacker's DLL is disguised by inflating its size and is loaded by a trusted binary. The malicious code remains encrypted on disk and decrypts in memory to evade analysis. OnyxC2 communicates with a Cloudflare-fronted command-and-control server to manage infected hosts and execute commands like hardware registration and cookie uploads. The threat extends to business environments, targeting FTP and email clients, with stolen session cookies allowing ongoing access to corporate infrastructure. Implementing anti-data exfiltration controls is recommended as a mitigation strategy.
Microsoft fixes Windows update failures linked to WUSA installer
Winsage
June 12, 2026

Microsoft fixes Windows update failures linked to WUSA installer

Microsoft resolved an issue affecting the installation of Windows updates released since May 2025, which primarily impacted users using the Windows Update Standalone Installer (WUSA) from a network share, especially in enterprise environments. The problem was significant for devices running Windows 11 24H2/25H2 and Windows Server 2025, but did not occur when handling a single .msu file or when files were stored locally. In August 2025, Microsoft acknowledged that updates installed using WUSA might fail with error ERRORBADPATHNAME when multiple .msu files were involved. A Known Issue Rollback Group Policy was implemented in September 2025 to mitigate the impact on home and non-managed business devices. The issue was ultimately resolved with cumulative updates released in June 2026 for Windows 11 (KB5079391) and Windows Server 2025 (KB5094125). Microsoft provided a workaround for users experiencing difficulties with prior updates by suggesting they save .msu files locally for installation. Users were also advised to wait at least 15 minutes after installing an .msu file via WUSA before checking the Update History page. Additionally, Microsoft had previously addressed another issue in April 2025 that affected enterprise customers installing security updates via WSUS, which recurred in the August 2025 updates. Microsoft warned customers about potential issues with installing the latest monthly updates on devices upgraded to Windows 11 24H2 or 25H2.
Minecraft Dungeons 2
AppWizard
June 12, 2026

Minecraft Dungeons 2

Mojang is developing Minecraft Dungeons 2, a sequel that enhances the original game's mechanics and introduces an interconnected world for exploration. The game features multiplayer cooperative play for up to four players, improved matchmaking, and full cross-platform play at launch. New gameplay elements include a mini-inventory for loadout adjustments, the ability to jump and execute jump attacks, and a guiding line for navigation. Character customization has been expanded, allowing armor categorization by body parts and the introduction of Talismans, which provide passive abilities. The game includes a new Deep Dark biome with visual enhancements and a challenging boss encounter, the Twisted Warden. Minecraft Dungeons 2 is set to release on September 29th for Xbox Series X|S, PlayStation 5, PC, and Nintendo Switch.
6 Android Auto apps that are essential when I'm off-roading
AppWizard
June 12, 2026

6 Android Auto apps that are essential when I’m off-roading

Android Auto is expanding its functionality for outdoor activities with a variety of apps designed for off-road navigation and exploration. These applications cater to different vehicle types, including RVs and ATVs, and many off-road vehicles now come with built-in Android Auto systems. Aftermarket multimedia units are also available for those without factory-installed screens. Key apps include: - onX Offroad/Hunt: Provides access to verified off-road trails, difficulty ratings, and land boundaries, with features for hunters including landowner information and offline maps. - National Park Service: Offers interactive trail maps, self-guided tours, and downloadable park information, enhancing the experience of exploring U.S. national parks. - RV Life: Assists RV owners in planning safe routes based on their vehicle's dimensions, avoiding low bridges and restricted roads, though it requires a subscription for Android Auto integration. - Gaia GPS: A navigation tool for areas with limited cell service, featuring various map layers and the ability to track position and access downloaded maps on the vehicle's display. - Spotify: Allows users to download music and podcasts for offline listening through Android Auto, requiring a premium subscription and a brief online connection every 30 days.
Why do mech games rarely let you leave the cockpit? Brigador Killers devs joke that the feature 'added five years of development time'
AppWizard
June 12, 2026

Why do mech games rarely let you leave the cockpit? Brigador Killers devs joke that the feature ‘added five years of development time’

The text discusses the appreciation for mech games that allow players to exit their mechs and explore the world on foot, highlighting the complexity this feature adds to game development. It mentions two titles that incorporate this concept: Psycho Patrol R and Brigador Killers, the latter of which has been in development for a decade. The lead designer, Hugh Monahan, noted that the decision to allow players to get out of the mech added five years to development time. The game features pre-rendered environments and an isometric perspective, but with increased complexity compared to its predecessor. The addition of on-foot gameplay enhances player immersion and clarifies the player's role, while also necessitating new mechanics for interactions, such as picking up weapons and engaging with the environment. Brigador Killers recently received an update with new story content and quality-of-life improvements.
Search